From 750d4e07dd4379d0d1a7e3a56b2997401bdbfa7e Mon Sep 17 00:00:00 2001
From: Jack Grigg <jack@z.cash>
Date: Thu, 20 Oct 2016 12:58:51 -0500
Subject: [PATCH] Document that wallet encryption is disabled

---
 doc/security-warnings.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/doc/security-warnings.md b/doc/security-warnings.md
index c5c34085..a4a4060a 100644
--- a/doc/security-warnings.md
+++ b/doc/security-warnings.md
@@ -14,6 +14,25 @@ make proving keys generated on 64-bit systems unusable on 32-bit and big-endian
 systems. It's unclear if a warning will be issued in this case, or if the
 proving system will be silently compromised.
 
+Wallet Encryption
+-----------------
+
+Wallet encryption is disabled, for several reasons:
+
+- Encrypted wallets are unable to correctly detect shielded spends (due to the
+  nature of unlinkability of JoinSplits) and will incorrectly show much larger
+  available shielded balances until the next time the wallet is unlocked.
+
+- While encrypted wallets prevent spending of funds, they do not maintain the
+  shielding properties of JoinSplits (due to the need to detect spends). That
+  is, someone with access to an encrypted wallet.dat has full visibility of
+  your entire transaction graph (other than newly-detected spends, which suffer
+  from the earlier issue).
+
+You should use full-disk encryption (or encryption of your home directory) to
+protect your wallet at rest, and should assume (even unprivileged) users who are
+runnng on your OS can read your wallet.dat file.
+
 Side-Channel Attacks
 --------------------